Matthew Tharp is a Level 3 Analyst in the Dell/EMC Cyber Security Investigation and Response Team (CSIRT), managing network forensics and malware analysis. He grew up as an embedded firmware developer for guidance systems at a defense contractor and moved into security after developing the software stack to handle the TCP/IP stack in embedded systems. They let him out of his lab of 1’s and 0’s to talk with security professionals about the techniques he uses to help protect one of the largest IT companies in history.

Topic: Hunting Methodology: A key to the labyrinth of network forensics

Proactive hunting is the newest cybersecurity strategy and promises great potential. But where is one to start in the world of network forensics? This presentation presents a methodology for exactly that. It walks through the maze of network protocols with a spool of thread; discussing the protocols of interest, what to look for in each protocol, and how to find the cheese.